Escalating Threats to Critical Infrastructure from Geopolitical and Cyber Actors
Cybersecurity experts warn that attacks targeting critical infrastructure are expected to intensify, with a particular focus on operational technology (OT) systems. The evolving threat landscape is being shaped by geopolitical tensions, with state actors, criminal groups, and hacktivists increasingly seeking to cause physical disruption and damage, rather than merely stealing sensitive information. Experts highlight that hybrid warfare tactics are becoming more frequent, and the convergence of cyber and kinetic operations is reaching a critical inflection point for infrastructure security.
Industry leaders and analysts predict that future attacks will closely follow geopolitical conflicts, making critical infrastructure a prime target in both cyber and physical domains. The discussions emphasize the need for organizations to reassess their risk management strategies and bolster defenses across multiple domains to address the growing sophistication and intent of adversaries targeting essential services and national assets.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Experts warn critical infrastructure threats will intensify in 2026
Security, intelligence, law enforcement, and industry experts said attacks on critical infrastructure, especially operational technology environments, are expected to increase in 2026 amid rising geopolitical tensions. They highlighted a shift in state-backed activity from espionage toward disruption and potential physical damage, with cyber operations increasingly tied to hybrid and kinetic conflict.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Geopolitical Risks Elevate Threats to Cyber-Physical Systems and OT Supply Chains
Claroty researchers have warned that global conflicts, civil unrest, and tariff wars are significantly increasing the risks facing cyber-physical systems, particularly those underpinning critical infrastructure and operational technology (OT). According to the Global State of CPS Security 2025 report, attackers are expected to exploit vulnerabilities introduced by disrupted supply chains, with predictions that at least one major cyber-physical breach will occur within the next year. The instability in sourcing, manufacturing, and delivery of hardware and software components—driven by geopolitical tensions—has forced organizations to rely on new or less-vetted vendors, heightening the risk of unknown vulnerabilities in OT, building management, and healthcare systems. Experts emphasize that changes in supply chain geography and sourcing, often resulting from trade restrictions and sanctions, can undermine the integrity and security of critical systems. The report, based on a global survey of 1,100 cybersecurity professionals, highlights the urgent need for organizations to reassess their risk management strategies and strengthen supply chain security to mitigate the evolving threat landscape. The convergence of geopolitical instability and fragile supply chains is creating new opportunities for cyber adversaries to target essential infrastructure worldwide.
Mar 21, 2026
US Critical Infrastructure Security and Modernization Initiatives
US critical infrastructure faces increasing threats from both aging technology and sophisticated nation-state adversaries, prompting urgent calls for modernization and enhanced security. Experts highlight the unique challenges of operational technology (OT) environments, such as legacy systems and limited budgets, and discuss Tennessee's ambitious efforts to become the most secure state by hardening its power grids, water systems, and industrial controls. Nationally, organizations like the Institute for Critical Infrastructure Technology (ICIT) are advocating for a comprehensive vision to strengthen and modernize critical infrastructure by 2026, emphasizing the need for greater awareness, investment, and resilience against both physical and cyber threats. Recent incidents underscore the severity of the threat landscape, with Chinese state-sponsored actors reportedly pre-positioning themselves within US water utilities and other essential services, moving beyond espionage to potential disruptive and destructive operations. The growing vulnerability of basic services, such as electricity and water, has become a political and security flashpoint, with rising costs and overdue bills compounding the risks. These developments have drawn attention from policymakers, industry leaders, and the public, reinforcing the necessity for coordinated action to protect the nation's critical infrastructure from evolving cyber and physical threats.
Mar 21, 2026
Rising Risk of State-Linked Attacks on Power Grids and Operational Technology
Reporting highlighted growing concern that **state-affiliated and state-linked actors** are positioning for disruptive attacks against **operational technology (OT)** and critical infrastructure, with activity that may be difficult for operators to detect. A Codific analysis described five common pathways seen in disruptive grid-focused intrusions—often beginning with **human error or exposed perimeter services**, then escalating through **credential theft**, **remote access exploitation** (e.g., VPNs/gateways), **ransomware**, and misuse of **legitimate industrial commands** that can delay operations and complicate detection and recovery; it also warned that attacks on virtualized environments can hinder restoration efforts and that cascading impacts could be severe (e.g., Lloyd’s “Business Blackout” scenario estimating losses up to **$1T**). Recommended mitigations emphasized proven controls such as **phishing-resistant MFA** and **IT/OT segmentation**, rather than novel defenses. Separate commentary and media content also pointed to OT becoming a frontline in geopolitical escalation, including claims of a coordinated campaign tied to Iran-linked hacktivist activity targeting OT devices such as **Unitronics PLCs** used in water and industrial facilities, alongside psychological operations and SMS spoofing. Other items in the set were leadership/career/podcast-style content without specific incident or vulnerability detail and do not materially add to the OT/power-grid threat reporting.
Mar 21, 2026